o2 DSL Auto Configuration Server Credential Disclosure
Posted by deepcore on January 9, 2016 – 1:17 am
The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
Post a reply
You must be logged in to post a comment.